use axum::extract::{Json, State};

use crate::{
    empty::Empty,
    test::{fixtures, verify},
};

#[tokio::test]
async fn password_change() {
    // Set up the environment
    let app = fixtures::scratch_app().await;
    let creds = fixtures::user::create_with_password(&app, &fixtures::now()).await;
    let cookie = fixtures::cookie::logged_in(&app, &creds, &fixtures::now()).await;
    let identity = fixtures::identity::from_cookie(&app, &cookie, &fixtures::now()).await;

    // Call the endpoint
    let (name, password) = creds;
    let to = fixtures::user::propose_password();
    let request = super::Request {
        password: password.clone(),
        to: to.clone(),
    };
    let (new_cookie, Empty) = super::handler(
        State(app.logins()),
        fixtures::now(),
        identity.clone(),
        cookie.clone(),
        Json(request),
    )
    .await
    .expect("changing passwords succeeds");

    // Verify that we have a new session
    assert_ne!(cookie.secret(), new_cookie.secret());

    // Verify that we're still ourselves
    verify::identity::valid_for_login(&app, &new_cookie, &identity.login).await;

    // Verify that our original token is no longer valid
    verify::identity::invalid(&app, &cookie).await;

    // Verify that our original password is no longer valid
    verify::login::invalid_login(&app, &name, &password).await;

    // Verify that our new password is valid
    verify::login::valid_login(&app, &name, &to).await;
}